BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals



Presentation Transcript


  1. BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals [Xu-NDSS19] Xu, Fenghao, Wenrui Diao, Zhou Li, Jiongyi Chen, and Kehuan Zhang, "BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals", In Proceedings of the Network and Distributed Systems Security Symposium (NDSS), San Diego, CA, USA, 2019.

  2. Introduction - Problem • A Bluetooth device can exchange commands and data, such as voice, keyboard/mouse input and network traffic, with the host • Some security measures have already been built into the Bluetooth protocol, such as authentication, encryption and authorization • In the Bluetooth protocol, as well as in its implementation on Android, there are still design flaws that can lead to serious security consequences

  3. Introduction - Motivation • New vulnerabilities • New Attacks • Defence and Evaluations

  4. Bluetooth Profile • The concept of a Bluetooth profile was introduced to regulate the communication between Bluetooth devices manufactured by different vendors • Each profile contains the settings needed to bootstrap the communication • There are more than 30 profiles standardized by the Bluetooth SIG

  5. Bluetooth Connection • Before a connection is established between two Bluetooth devices, one device must be in discoverable mode • After the information is exchanged, a pairing procedure is executed • Pairing may involve user interaction, such as requiring the user to enter a PIN • If pairing succeeds, a shared secret is created to encrypt their communications • In the future they can connect to each other without going through pairing again

  6. Bluetooth Permission • Bluetooth functionality on Android is mediated by a set of permissions • With the BLUETOOTH permission, a third-party app can perform Bluetooth communication with another device • A third-party app can initiate discovery of nearby Bluetooth devices or change Bluetooth settings if the BLUETOOTH_ADMIN permission is granted

  7. Design Weaknesses: Inconsistent Authentication Process on Profiles • The device and host vendors have to come up with their own ways of authenticating profiles • On Android, the profiles are not listed during the pairing process; they are only visible to the user, and adjustable, afterwards • If the device changes its profiles, it is still trusted because pairing has already been done, and the user is not immediately notified

  8. Design Weaknesses: Excessive Openness to Profile Connection • A Bluetooth stack typically supports many profiles (e.g., 15 for Android 8.0) • On Android, once the bond is created, the host tries its best to connect to all the profiles claimed by the remote device

  9. Design Weaknesses: Deceivable and Vague UI • The user only sees the name and the icon of the device • A malicious device can choose the same name as another already-trusted device to trick the user during pairing

  10. Design Weaknesses: Silent Pairing with Device • Pairing is supposed to have the user verify the device identity, unless the bond has been successfully set up before • If the phone initiates the pairing process, there may be no notification presented • When the device has neither display nor input capability, pairing falls into "Just Works" mode

  11. Design Weaknesses: No Permission Management for Profiles • Not all profiles are equally sensitive, but which profile can be accessed is not regulated under the current permission framework • A malicious app can further use the keyboard profile to inject input and take control of the phone

  12. Attack: Adversary Model Assumptions • A malicious app has been installed on the victim smartphone and has been granted the BLUETOOTH and BLUETOOTH_ADMIN permissions • The Bluetooth device has been compromised and its firmware now contains malicious code

  13. Attack: Attack Procedure

  14. Exploiting Profiles • Exploitable Profiles • Human Interface Device • Personal Area Networking • Hands-Free/Headset

  15. Exploiting Profiles – Human Interface Device • Information Stealing – Screenshots • App and System Control – Change settings • Beyond the Phone – Log in with remembered passwords • Limitation – Cannot unlock a phone with an unknown PIN

  16. Exploiting Profiles – Personal Area Network • Network Consumption • Network Sniffing and Spoofing

  17. Exploiting Profiles – Hands-Free • Telephony Control • Voice Command Injection

  18. Solution: Profile Binding for Android • Enhance control over Bluetooth profiles and prevent unapproved changes of profiles • Bind the device to a permitted profile list and prohibit connections to other profiles • When processing a pairing request, the system prompts the user with a selection list • After that, the system creates a binding policy based on the user's selection

  19. Implementation of Profile Binding • Pairing Monitor • Connection Controller • Settings App
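Added example, not from the paper or its Android implementation: a Python simulation of the profile-binding policy from slides 18 and 19. The Pairing Monitor records which of the device's claimed profiles the user approved, the Connection Controller refuses any profile outside that binding, and a check flags a bonded device that later advertises profiles beyond its binding (weakness 7). Profile codes, addresses and the log format are constructed for the example.

```python
from dataclasses import dataclass, field

# Profile codes are constructed labels for this example; HID, PAN and HFP are
# the three profiles the paper treats as exploitable.
HID, PAN, HFP, A2DP = "HID", "PAN", "HFP", "A2DP"
SENSITIVE = {HID, PAN, HFP}


@dataclass
class ProfileBinding:
    """Policy store: device address -> set of profiles approved at pairing."""
    policies: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def pairing_monitor(self, addr, claimed, user_choice):
        """Pairing Monitor: the user selects from the profiles the device
        claims; only the intersection becomes the binding for this device."""
        allowed = set(claimed) & set(user_choice)
        for p in allowed & SENSITIVE:
            self.log.append(f"{addr}: user approved sensitive profile {p}")
        self.policies[addr] = allowed
        return allowed

    def connection_controller(self, addr, profile):
        """Connection Controller: permit a profile connection only if the
        device is bonded and the profile is in its binding."""
        allowed = self.policies.get(addr)
        if allowed is None:
            self.log.append(f"{addr}: not bonded, refusing {profile}")
            return False
        if profile not in allowed:
            self.log.append(f"{addr}: {profile} not in binding, refused")
            return False
        return True

    def profiles_changed(self, addr, claimed_now):
        """Return profiles a bonded device now claims beyond its binding, so
        the Settings app can notify the user instead of silently trusting."""
        return sorted(set(claimed_now) - self.policies.get(addr, set()))


if __name__ == "__main__":
    pb = ProfileBinding()
    headset = "AA:BB:CC:DD:EE:01"  # constructed address
    pb.pairing_monitor(headset, [A2DP, HFP], [A2DP])   # user approves audio only
    print(pb.connection_controller(headset, A2DP))      # True
    print(pb.connection_controller(headset, HID))       # False
    print(pb.profiles_changed(headset, [A2DP, HID]))    # ['HID']
    print("\n".join(pb.log))
```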

  20. Evaluation • Performance. Pairing with an external device is changed so that the user notices it, and our system should not cause a prominent delay in UI transitions • Delays range from 48.7µs to 224.6µs • The delay is less than 12%.
